On Wed, Jun 27, 2018 at 9:14 AM, Mariusz Kozakowski < [email protected]> wrote:
> Hello, > > We managed to setup oVirt Engine with your help, now we're facing other > issue. > > I'm trying to configure AD auth for web portal, but unfortunately I got > error during ovirt-engine-extension-aaa-ldap-setup: > > > 2018-06-27 09:06:21,926+02 INFO ====================== > ================================================== > 2018-06-27 09:06:21,926+02 INFO ============================== > Execution =============================== > 2018-06-27 09:06:21,926+02 INFO ====================== > ================================================== > 2018-06-27 09:06:21,927+02 INFO Iteration: 0 > 2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' > authz='ad-authz' mapping='null' > 2018-06-27 09:06:21,928+02 INFO API: > -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS > profile='ad' user='username' > 2018-06-27 09:06:21,945+02 INFO API: > <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS > profile='ad' result=SUCCESS > 2018-06-27 09:06:21,948+02 INFO --- Begin AuthRecord --- > 2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: > username > 2018-06-27 09:06:21,949+02 INFO --- End AuthRecord --- > 2018-06-27 09:06:21,950+02 INFO API: > -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username' > 2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: > 'gc' > 2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal > 'username' > Hi, are you sure that you are trying to configure either "standalone AD domain" or "AD forrest with multi-domain trust" using the tool? I'm asking because if want to configure AD which is part of AD forrest, you cannot do that using the tool, as this is advanced configuration. And we don't support multi-forrest with multi-domain trusts at all. Could you please describe your AD setup and share with us full output of aaa-ldap-setup tool? Thanks Martin > Do you have any idea what's the issue and what we're missing? As it looks > like credentials are correct - passing wrong username gives fail earlier, > so issue is somewhere after authentication. > > -- > > Best regards/Pozdrawiam/MfG > > *Mariusz Kozakowski* > > Site Reliability Engineer > > Dansk Supermarked Group > Baltic Business Park > ul. 1 Maja 38-39 > 71-627 Szczecin > dansksupermarked.com > > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: https://www.ovirt.org/community/about/community- > guidelines/ > List Archives: https://lists.ovirt.org/archives/list/[email protected]/ > message/6BZXOA6ZXMSN5EPC67LNBUSANJLUBHA7/ > > -- Martin Perina Associate Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/VD2CTLJTEA2MUKM3DHF2TFMBFIANAGKQ/
